From the 25 May 2018 the law around processing your personal data is set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. GDPR builds upon existing data protection laws and provides enhanced protection for personal data by imposing stricter obligations on those who process personal data.
Fundamentally personal data must be –
- Processed lawfully, fairly and transparently;
- Collected for specified, explicit and legitimate purposes;
- Be adequate, relevant and limited to what is necessary for processing;
- Be accurate and kept up to date;
- Be kept only for as long as is necessary for processing; and
- Be processed in a manner that ensures its security.
For the purposes of Data Protection legislation, the Northern Ireland Fire and Rescue Service (NIFRS) is a ‘Data Controller’ (the holder, user and processor) of personal data.
NIFRS processes personal information to enable us to undertake prevention, protection and emergency services in the communities we serve. Personal data can be collected for firefighting and emergency services purposes including managing responses to fire and other emergency incidents; and maintaining our own records and accounts including the management of fire service assets.
Other reasons why we collect personal data include –
- Carrying out Home Safety visits;
- For employment and staff training purposes;
- Checking the quality and effectiveness of our services;
- Investigating any concerns or complaints about our services;
- Research and planning of new services;
- Emergency contact information; and
- Agreements you may have with the Fire and Rescue Service.
NIFRS is required to have a Privacy notice which reflects the requirements of GDPR. It aims to make our service users aware of how we process and use your personal data and of your rights in respect of your personal data. Read our Corporate Privacy Notice